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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
November 30, 2005 has been entered. 

2. Claims 1 -20 are currently being considered. 

Response to Arguments 

3. Applicant's arguments filed November 30, 2005 have been fully considered but 
they are not persuasive for the following reasons: 

Regarding claim 1 , the Applicant argues that the CPA, Foth (U.S. Patent 
Publication No. 2003/0068045 A1 ) does not teach the newly added limitation of 
"establishing a communication channel directly between the client and the server via 
one of a wireless link and a landline." This argument is not found persuasive. The 
limitation of "establishing a communication channel directly between the client and the 
server" is not disclosed in the specification. The word "directly" means "without anything 
intervening" (dictionary.com). The specification discloses that the means of retrieving 



Application/Control Number: 10/001 ,449 Page 3 

Art Unit: 2131 

documents can be done via the Internet. It is well-known that the Internet has a series 
of hops which vary depending on where the accessed computer is located. Therefore, 
the Examiner asserts that the Internet is implicitly non-direct. Furthermore, if using a 
wireless client, as disclosed in the application, the client will have to at least 
communication with a wireless transceiver. The CPA states that the "request is sent 
from the mobile device 22 to the data center via adaptor 30 and Internet 18" (paragraph 
0023). The adaptor can be viewed as a wireless transceiver which is necessary for 
wireless communications. Therefore, it is asserted that the CPA does teach 
"establishing a communication channel directly between the client and the server via 
one of a wireless link and a landline." 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 1,19, and 20 rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. The limitation of "establishing a communication channel directly between the 
client and the server" is not disclosed in the specification. The word "directly" means 
"without anything intervening" (dictionary.com). The specification discloses that the 
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means of retrieving documents can be done via the Internet. It is well-known that the 
Internet has a series of hops which vary depending on where the accessed computer is 
located. Therefore, the Examiner asserts that the Internet is implicitly non-direct. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-10, 12-19 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Foth (U.S. Patent Application Publication No. 2003/0068045) in view of McGarvey 
et al. (U.S. Patent Application Publication No. 2003/0028773). 

Regarding claim 1 , Foth discloses: 

In a client-server-document repository system, a secure method for remote 
action by reference, comprising: 

'establishing a communication channel directly between the client and the 
server via one of a wireless link and a landline" (paragraph 23); 

"sending, from the client to the server, user credentials to release a 
document stored in the document repository and the address of the document 
(page 2: paragraphs 23-24); 

"verifying, at the server, the user's credential' (page 2: paragraphs 23-24); 
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"if verified, sending, from the server to the document repository, server 
credentials, and the address of the document (page2: paragraphs 23-24) 

' verifying, at the document repository, the server's credentials" (page 2: 
paragraphs 23-24); 

"if verified, sending the document from the document repository to the 
served (page 2: paragraph 24); and 

"if verified, performing the action on the document at the server" (page 2: 
paragraph 24). 

Foth does not explicitly disclose the method of "using a delegation credential in 
conjunction with user and server credentials to permit the server to perform an 
action on the document 1 . McGarvey discloses using a delegation credential in 
conjunction with user and server credentials to permit the server to perform an action on 
the document (page 4-5: paragraphs 45-52). McGarvey delineates a client sending a 
signed credential to a middle-tier server (server), which then sends the credential to a 
back-end server (document repository) for authentication on behalf of the client. 
McGarvey states that tiered network approaches are common, whereby in a tiered 
approach, the originator for a unit of work communicates via a client program, which 
then communicates with a middle-tier server (i.e. a web server) which then can access 
a database or other resource managers (i.e. document repository) (page 1 : paragraph 
2). McGarvey further states that "such a tiered approach to network applications may 
create a need for the secure propagation of security credentials of the request originator 
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through each of the tiers of the application" (page 1 : paragraph 3) and that "in such 
propagation of secure credentials, the request originator delegates to middle-tier 
servers the authority to access other servers on their behalf (page 1 : paragraph 3). 
Foth and McGarvey are analogous arts in that both deal with a tiered approach to 
access information from a back-end server (document repository) by going through a 
middle-tier server. The middle-tier server as applied to Foth would be the printer with 
the built in adaptor, and the back-end server would be the document repository where 
the document that is requested to be printed resides. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to use the 
delegation credentials provided by McGarvey in conjunction with the user and server 
credentials of Foth, to allow the propagation of security credentials by allowing the 
middle-tier server to act on behalf of the client in accessing the back-end servers. 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 

The method of claim 1 , wherein "the server comprises a printer" (page 2: 
paragraph 20). 

Claim 3 is rejected as applied above in rejecting claim 1 . Furthermore, Foth discloses: 
The method of claim 1, wherein "the server comprises a multi-function device 
for printing, faxing and scanning' (page 2: paragraph 20). 



Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 
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The method of claim 1 , further comprising 'establishing a secure connection 
between the client and server prior to sending the user credentials, delegation 
credential and address of the document 1 (page 2: paragraph 21 ). 

Claim 5 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 

The method of claim 1 , wherein "the document addreess comprises a URL" 
(page 2: paragraph 23). 

Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 
The method of claim 1 , wherein the delegation credential comprises: 
"URL of the serve? (page 2: paragraphs 23-24); 
"URL of the document to be fetched 1 (page 2: paragraphs 23-24); 
Foth does not explicitly disclose a certificate signed by the client, the delegator, 
delegatee, and the access rights delegated to the server. McGarvey discloses a 
credential which has a pre-nonce token which contains the identity of the middle-tier 
server (page 4: paragraph 47), a nonce signed by the client (digital certificate), and a 
random number which can be used for designating the rights of the server by containing 
an expiration date (pages 4-5: paragraphs 47-52). 

Claim 7 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 
The method of claim 1 , wherein the client comprises "a mobile device" (page 2: 
paragraph 21 ). 
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Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Foth discloses: 
The method of claim 7, wherein the mobile device comprises "a PDA" (page 2: 
paragraph 21). 

Claim 9 is rejected as applied above in rejecting claim 7. Furthermore, Foth discloses: 

The method of claim 7, wherein the mobile device comprises "a cell phone" 
(page 2: paragraph 21). 

Claim 10 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 

The method of claim 1 . 
Foth does not explicitly disclose the delegation credential including a time limit, wherein 
upon expiration of the time limit, the server's permissions expire. McGarvey discloses a 
random number, which has an expiration date, and at the back-end server, if it is 
determined that the random number received from the middle-tier server is expired, the 
delegation credential is not authenticated. 

Claim 12 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 

The method of claim 1 . 
Foth does not explicitly disclose that the delegation credential comprises a Satchel 
token. McGarvey discloses that the delegation credential includes a pre-nonce token 
which is used for authenticating to a back-end server. 
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Claim 13 is rejected as applied above in rejecting claim 1 Furthermore, Foth discloses: 

The method of claim 1 . 
Foth does not explicitly disclose that the delegation credential comprises an SPKI 
certificate. McGarvey discloses that the delegation credential includes a nonce signed 
digitally signed by a user. 

Claim 14 is rejected as applied above in rejecting claim 1. Furthermore, Foth discloses: 

The method of claim 1 , wherein "the server comprises a printed (page2: 
paragraph 20) and the action comprises "printing the document 1 (page 2: paragraph 
24) and wherein the verifying step comprises "verifying if the client has rights on the 
printer and if not sending an error message to the client (page 2: paragraph 23). 

Claim 15 is rejected as applied above in rejecting claim 14. Furthermore, Foth 
discloses: 

The method of claim 14. Foth does not explicitly state "verifying, at the printer, if 
sufficient media is available." However, it was well-known in the art at the time the 
invention was made, that every time a print job is sent to a printer, that the printer 
checks if it has sufficient memory to process the request. Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made, to check 
for sufficient media before commencing the print job. 
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Claim 16 is rejected as applied above in rejecting claim 15. Furthermore, Foth 
discloses: 

The method of claim 1 5. Foth does not explicitly disclose "upon printing the 
document, sending the client a notice." However, it was well-known in that art at the 
time of invention was made, that when a print job is completed, a notice will be sent to 
the client. Foth discloses a "secure retrieval of documents" (Abstract) which would 
imply that a user would know exactly when the print job was completed. Therefore, it 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made, to have the server send the client a notice when printing had completed. 

Claim 17 is rejected as applied above in rejecting claim 3. Furthermore, Foth discloses: 

The method of claim 3, wherein "the delegation credential includes the 
client's access rights associated with the document and constraints on the 
server" (page 2: paragraph 23). 

Claim 18 is rejected as applied above in rejecting claim 17. Furthermore, Foth 
discloses: 

The method of claim 17, wherein "the client's access rights include printing, 
faxing, copying, and fetching' (page 2: paragraph 23-24). 
Foth does not explicitly disclose the server's constraints include a predetermined 
number of copies that may be made and a predetermined period of time in which 
actions on the document maybe provided." McGarvey discloses a random number, 
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which has an expiration date, and at the back-end server, if it is determined that the 
random number received from the middle-tier server is expired, the delegation 
credential is not authenticated. 

Regarding claim 1 9, Foth discloses: 

In a client-server-document repository system, a secure method for remote 
action by reference, comprising: 

"establishing a communication channel directly between the client and the 
server via one of a wireless link and a landline (paragraph 23); 

"sending, from the client to the server, user credentials to release a 
plurality of documents stored in the document repository and the address of the 
document (page 2: paragraphs 23-24); 

"verifying, at the server, the user's credential' (page 2: paragraphs 23-24); 

"if verified, sending, from the server to the document repository, server 
credentials, and the address of the document (page2: paragraphs 23-24) 

"verifying, at the document repository, the server's credentials" (page 2: 
paragraphs 23-24); 

"if verified, sending the document from the document repository to the 
server'' (page 2: paragraph 24); and 

"performing the action on the document at the servei" (page 2: paragraph 24). 
Foth does not explicitly disclose the method of "using a plurality of delegation 
credentials in conjunction with user and server credentials to permit the server to 
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perform an action on the document on the user's behalf. McGarvey discloses 
using a delegation credential in conjunction with user and server credentials to permit 
the server to perform an action on the document (page 4-5: paragraphs 45-52). 
McGarvey delineates a client sending a signed credential to a middle-tier server 
(server), which then sends the credential to a back-end server (document repository) for 
authentication on behalf of the client. A plurality of credentials can be sent if there is a 
plurality of documents that need to be retrieved. McGarvey states that tiered network 
approaches are common, whereby in a tiered approach, the originator for a unit of work 
communicates via a client program, which then communicates with a middle-tier server 
(i.e. a web server) which then can access a database or other resource managers (i.e. 
document repository) (page 1 : paragraph 2). McGarvey further states that "such a 
tiered approach to network applications may create a need for the secure propagation 
of security credentials of the request originator through each of the tiers of the 
application" (page 1: paragraph 3) and that "in such propagation of secure credentials, 
the request originator delegates to middle-tier servers the authority to access other 
servers on their behalf (page 1 : paragraph 3). Foth and McGarvey are analogous arts 
in that both deal with a tiered approach to access information from a back-end server 
(document repository) by going through a middle-tier server. The middle-tier server as 
applied to Foth would be the printer with the built in adaptor, and the back-end server 
would be the document repository where the document that is requested to be printed 
resides. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to use the delegation credentials provided by McGarvey in 
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conjunction with the user and server credentials of Foth, to allow the propagation of 
security credentials by allowing the middle-tier server to act on behalf of the client in 
accessing the back-end servers. 

Regarding claim 20, Foth discloses: 

In a client-server-document repository system, a secure method for remote 
action by reference, comprising: 

' establishing a communication channel directly between the client and the 
server via one of a wireless link and a landline" (paragraph 23); 

' sending, from the client to the server, user credentials to release a 
document stored in the document repository and the address of the document 1 
(page 2: paragraphs 23-24); 

' verifying, at the server, the user's credential' (page 2: paragraphs 23-24); 

"if verified, sending, from the server to the document repository, server 
credentials, and the address of the document 1 (page2: paragraphs 23-24) 

'verifying, at the document repository, the server's credentials" (page 2: 
paragraphs 23-24); 

"if verified, sending the document from the document repository to the 
server" (page 2: paragraph 24); and 

"if verified, performing the action on the document at the serve? (page 2: 
paragraph 24). 



Application/Control Number: 1 0/001 ,449 Page 1 4 

Art Unit: 2131 

Foth does not explicitly disclose the method of 'using a delegation credential in 
conjunction with user and server credentials to permit the server to perform an 
action on the document 1 . McGarvey discloses using a delegation credential in 
conjunction with user and server credentials to permit the server to perform an action on 
the document (page 4-5: paragraphs 45-52). McGarvey delineates a client sending a 
signed credential to a middle-tier server (server), which then sends the credential to a 
back-end server (document repository) for authentication on behalf of the client. 
McGarvey states that tiered network approaches are common, whereby in a tiered 
approach, the originator for a unit of work communicates via a client program, which 
then communicates with a middle-tier server (i.e. a web server) which then can access 
a database or other resource managers (i.e. document repository) (page 1 : paragraph 
2). McGarvey further states that "such a tiered approach to network applications may 
create a need for the secure propagation of security credentials of the request originator 
through each of the tiers of the application" (page 1 : paragraph 3) and that "in such 
propagation of secure credentials, the request originator delegates to middle-tier 
servers the authority to access other servers on their behalf (page 1 : paragraph 3). 
Foth and McGarvey are analogous arts in that both deal with a tiered approach to 
access information from a back-end server (document repository) by going through a 
middle-tier server. The middle-tier server as applied to Foth would be the printer with 
the built in adaptor, and the back-end server would be the document repository where 
the document that is requested to be printed resides. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to use the 
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delegation credentials provided by McGarvey in conjunction with the user and server 
credentials of Foth, to allow the propagation of security credentials by allowing the 
middle-tier server to act on behalf of the client in accessing the back-end servers. 

5. Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Foth 
(U.S. Patent Application Publication No. 2003/0068045) in view of McGarvey et al. (U.S. 
Patent Application Publication No. 2003/0028773) and further in view of Taniguchi et al. 
(U.S. Patent 6,801 ,962). 

Claim 1 1 is rejected as applied above in rejecting claim 1 . The Foth-McGarvey 
combination does not explicitly teach that a delegation credential is used for authorizing 
payment for the action, sending the delegation credential to a payment provider, and 
verifying the credentials at the payment provider. Taniguchi discloses a mobile device 
in communication with a server, whereby the user authenticates to the server, and a 
print job is processed by request from the user, and the printing of the document is 
charged allowing a user to "make use of a pay print service utilizing the portable 
terminal device at an arbitrary place where the image forming device is provided" 
(column 2 lines 20-43). The Foth-McGarvey combination teaches sending a delegation 
credential from a client to a server, and sending a delegation credential from a middle- 
tier server to a back-end server, and verifying the delegation credential and the server 
credential at the back-end server. Foth-McGarvey and Taniguchi are analogous arts as 
all deal with servers, and Taniguchi deals with printing using a mobile device in the 
same manner as Foth. It is obvious that the back-end server can be a billing server 
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(payment provider), and the user can delegate the server to act on its behalf using the 
same logic described in rejecting claim 1 , to provide payment. Therefore it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to use 
the payment process disclosed by Taniguchi in conjunction with the system of Foth- 
McGarvey to allow a user to "make use of a pay print service utilizing the portable 
terminal device at an arbitrary place where the image forming device is provided" 
(Taniguchi, column 2 lines 20-43). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/001,449 



Page 1 7 



Art Unit: 2131 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

KA 

02/06/2006 



/ KYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




